Roger,
You're right - and I agree 100%. I wanted to make sure that the point was made that
native mode is required for the target - as many people are totally caught off-guard
by the requirement.
Rick Kingslan MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert
require that the destination domain be in
native mode. The upside is that you can now migrate the user password.
Jimmy provided you with links on this, so have at it. The price - clearly, is right.
;o)
Rick Kingslan MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone
r API calls to Windows 2000 groups.
As you said - test your apps. But, these should fail before going to
Native - not necessarily, after.
Comments?? Anyone want to visit a site in Virginia where they can
see these 500 Windows 3.1 machines in a native mode domain???
;o)
Rick Kingslan
Right - it changes the SERVER. It is not going to change the port that
is used for the End Mapper. It will always be 135.
Rick Kingslan MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone
> -Original Mess
Justin,
I'm not sure what you mean by 'reconfiguring the server in the local
profile'? The requirement *is* to communicate over port 135. Outlook
cannot just arbitrarilly decide to communicate over another port to
support this - hence it cannot automatically reconfigure itself.
ead access to the netlogon share
on the PDC, like the repl service account that is used by the LMRepl
directory synchronization service, and click OK.
Enter the password that is used by this account.
======
Hope this helps!
Rick Kingslan MCSE,
Chris,
Thanks for the update and the closure. Can't say that I've seen your
particular problem, but in case I do run into it - I now have something
to try.
Rick Kingslan MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/
Title: Message
Stuart,
Thanks
for this. This was pointed out by one of our readers, and it's a good
read. However, now that I've finally finished the Lord of the Rings
trilogy - I'm waiting for part II of THIS series.
;)
Yeah,
I know. Get a life, Rick.
Rick Kings
Title: Message
Linton,
Point
well made. In reality - you're 100% correct. BUT - the ramifications
that you mention are the stickler.
Frankly, I'm sticking with Roger on this one. I know
Vinnie.[1} I don't want to know Guido.[2]
Rick Kingslan MCSE, MCSA, MCTMicroso
Now that I know that this is an Exchange box - I even more emphasize the
value of doing it the easy and safe way.
ERD Commander form www.winternals.com is the best way to accomplish what
you need, Don.
Good Luck!
Rick Kingslan MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
I wasn't
seeing it all, and you explained it perfectly.
Sorry
for the less than optimal solution, however. All is not lost - just a tad
bit more expensive from the standpoint of the solution. But, ERD is a
great tool to have, nonetheless.
Regards,
Rick Kingslan MCSE,
password in AD? If so, pwdump and
L0phtCrack has been used successfully in this case - given the right
conditions.
Rick Kingslan MCSE, MCSA, MCTMicrosoft MVP - Active
DirectoryAssociate ExpertExpert Zone -
www.microsoft.com/windowsxp/expertzone
-Original Message-From:
[EMAIL
should be able to
help.
Rick Kingslan MCSE, MCSA, MCTMicrosoft MVP - Active
DirectoryAssociate ExpertExpert Zone -
www.microsoft.com/windowsxp/expertzone
-Original Message-From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
On Behalf Of Don Murawski (Lenox)Sent: Mond
and given that
the Power User cannot exist on a DC, this is the message that you're
going to see (and I've seen it alot.).
Look her for more info:
http://support.microsoft.com/default.aspx?scid=kb;en-us;247482
Rick Kingslan MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associat
any one of the Win2k DCs, what do you get as
a return?
Rick Kingslan MCSE, MCSA, MCTMicrosoft MVP - Active
DirectoryAssociate ExpertExpert Zone -
www.microsoft.com/windowsxp/expertzone
-Original Message-From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
On Behalf Of Amit
Title: Message
Obvious first question - what KIND of clients are we dealing
with?
And,
when you say that they are 'retaining their NT4 identity', what exactly is the
indication that this is happening?
What
changes have been made at the client, if any?
Rick Kingslan
ssage that you're going to see
(and I've seen it alot.).
Look
her for more info: http://support.microsoft.com/default.aspx?scid=kb;en-us;247482
Rick Kingslan MCSE, MCSA, MCTMicrosoft MVP - Active
DirectoryAssociate ExpertExpert Zone -
www.microsoft.com/windowsxp/expertzone
Title: Message
RC3? Really. ;)
Rick Kingslan MCSE, MCSA, MCTMicrosoft MVP - Active
DirectoryAssociate ExpertExpert Zone -
www.microsoft.com/windowsxp/expertzone
-Original Message-From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
On Behalf Of Linton Smith (WBTQ
Title: Message
Here
'tis.
http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=F937A913-F26E-49B5-A21E-20BA5930238D
Rick Kingslan MCSE, MCSA, MCTMicrosoft MVP - Active
DirectoryAssociate ExpertExpert Zone -
www.microsoft.com/windowsxp/e
es must be
updated.
All in
all, a pretty clean method.
HTH!
Rick Kingslan MCSE, MCSA, MCTMicrosoft MVP - Active
DirectoryAssociate ExpertExpert Zone -
www.microsoft.com/windowsxp/expertzone
-Original Message-From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
On Behalf Of D
Roger,
Though I missed the obvious in Joe's post (sever the connections, then
seize the roles) I concur 100% with you. A clean Root and child domain
and migration of Sec Principals, GPO, etc - much cleaner and less
subject to the unknowns.
Rick Kingslan MCSE, MCSA, MCT
Microsoft MVP - A
Gotcha. You know, as whacky as it sounds, it might just work. Test
lab, here we come!
Rick Kingslan MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone
> -Original Message-
> From: [EMAIL PROTECTED]
>
Right. But, it appears that you've joined a list server for Microsoft
Active Directory discussion. If this was in error, and you would like
to unsubscribe, please see the following links to remove yourself from
the service.
Thanks!
Rick Kingslan MCSE, MCSA, MCT
Microsoft MVP - A
by one or the other.
With the current tools, I can't even imagine this being successful -
without a migration of new Company B's computers, users, and groups
(plus all of the ancillary stuff) to a new forest.
Ack!
Rick Kingslan MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associat
Stuart,
Thanks for the clarification. Much appreciated!
Rick Kingslan MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]] On
Thanks for the update on this. I hadn't seen this infomration.
Rick Kingslan MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECT
> Ack!
So, Mike - would that be a definitive YES, or an absolute NO
;-)
Rick Kingslan MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone
> -Original Message-
> From: [EMAIL PROTECTED]
> [m
to just play around with it, I'm not sure what to tell
you. MS may offer a trial as they do with many other packages. I, for
one, wouldn't count on it.
Rick Kingslan MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzon
way, it's usually a
perceptive issue in time.
Hope
this helps.
Rick Kingslan MCSE, MCSA,
MCTMicrosoft MVP - Active DirectoryAssociate ExpertExpert Zone -
www.microsoft.com/windowsxp/expertzone
-Original Message-From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
On B
cents.
Rick Kingslan MCSE, MCSA, MCTMicrosoft MVP - Active
DirectoryAssociate ExpertExpert Zone -
www.microsoft.com/windowsxp/expertzone
-Original Message-From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
On Behalf Of Patton, JimSent: Tuesday, November 19, 2002
8:35
Cool! Glad that you found the information that you needed.
Unfortunately, a lot of the folks on this list don't have access to
Premier content. Would you be able to summarize the information for
them so that all can learn from your findings?
Thanks!
Rick Kingslan MCSE, MCSA, MCT
Microsof
- though I'd think limited.
Rick Kingslan MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]] On Behalf Of Andy Grafton
> Sent:
EFORE replying to list posts.)
BTW - we _love_ our Cisco engineers as they are the folks that tell us
when we're wrong below layer 4. ;)
I'll leave it to the other good folks here to provide some guidance as I
have to run off to work to get beat up by the Cisco guys...
Rick Kingslan
All W2K user accounts are placed in multiple OUs that
> > > reside in
> > > > the Users container
>
> -Original Message-
> From: Rick Kingslan [mailto:[EMAIL PROTECTED]]
> Sent: Monday, November 18, 2002 9:04 PM
> To: [EMAIL PROTECTED]
> Subject: RE:
Linton,
Yep - I've seen this. However - For the record - I'm with you. Why,
truly, would you want to?
Thanks much!
Rick Kingslan MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone
> -Original Messag
Nope - that's not the point. The Users Container is just that - a
container. It's not an AD Object, per se. You cannot create OUs under
it.
If I'm mistaken, please tell me how. I'm able to err - and quick to
admit it.
Rick Kingslan MCSE, MCSA, MCT
Microsoft MVP - Active
d re-think this..
Rick Kingslan MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]] On Behalf Of
> Salandra, Justin A.
> Sent: M
are good, and it's a very popular utility for this type of
purpose.
http://www.ss64.demon.co.uk/nt/robocopy.html
Rick Kingslan MCSE, MCSA, MCTMicrosoft MVP - Active
DirectoryAssociate ExpertExpert Zone -
www.microsoft.com/windowsxp/expertzone
-Original Message-From:
[
ut 30
DCs and moved them to another forest - and the NS records and name listings
are not on the DNS in the old forest.
Re-direct me if this is not an accurate representation.
Rick Kingslan MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windows
Right - he got zero response to his first query, I'm sure that he thought it
never hit the list. Give him some slack, David.
Rick Kingslan MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone
> -Original
.
Handy,
but I've not had the time to build upon them. If the question is are they
causing any problems in production - No.
Rick Kingslan MCSE, MCSA, MCTMicrosoft MVP - Active
DirectoryAssociate ExpertExpert Zone -
www.microsoft.com/windowsxp/expertzone
-Original Message
es in place. They aren't there for Whistler, to say the
least.
Longhorn axed : http://entmag.com/news/article.asp?EditorialsID=5585
Rick Kingslan MCSE, MCSA, MCTMicrosoft MVP - Active
DirectoryAssociate ExpertExpert Zone -
www.microsoft.com/windowsxp/expertzone
-Origin
free,
even) then wait to implement the fix. This, given the fact that every
one of the error messages led to the same conclusion and fix?
I'd get your most recent GOOD backup and start restoring. Your users
are going to appreciate it.
Rick Kingslan MCSE, MCSA, MCT
Microsoft MVP - Active Dire
on,
configured, and the logs are available.
Rick Kingslan MCSE, MCSA, MCTMicrosoft MVP - Active
DirectoryAssociate ExpertExpert Zone -
www.microsoft.com/windowsxp/expertzone
-Original Message-From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
On Behalf Of Jones, Rick J.(Desk
Title: Message
Cool! I'll invest the savings back into the moneys that MVP charges
me to be a member!
:P
Rick Kingslan MCSE, MCSA, MCTMicrosoft MVP - Active
DirectoryAssociate ExpertExpert Zone -
www.microsoft.com/windowsxp/expertzone
-Original Message-From:
[
Title: Message
And,
to the fact that mail systems, list servers and SMTP are not quite governed by
the same rules as TCP - in-order delivery *NOT* guaranteed!
:)
Rick Kingslan MCSE, MCSA, MCTMicrosoft MVP - Active
DirectoryAssociate ExpertExpert Zone -
www.microsoft.com/windowsxp
s the ADSizer.exe tool that will help you with some of the nuances
of the process.
http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q274305&
Hope
this helps!
Rick Kingslan MCSE, MCSA, MCTMicrosoft MVP - Active
DirectoryAssociate ExpertExpert Zone -
www.microsoft.com/windowsxp/e
ot that it can't be done, it just takes a lot of work. Find the
Exchange Security Operations Guide on the MS site as well. Well worth
the read...
Hope this helps
Rick Kingslan MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windo
I wouldn't leave anything in the container that you don't want them to
mess with. But - we are talking about computer accounts. If they were
user accounts, this would be a quite different conversation.
Rick Kingslan MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associat
Probably not - and I agree. But there are a lot of off-topic issues
that are discussed here, Larry.
If Tony wants to stop it, I'd invite him to do so. I have no problems
with the list owner killing a conversation.
Rick Kingslan MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate E
delete it, as you've stated. But, there is a change of permissions that
really only does come with FC on the object.
Try this and let me know if that works. I have this documented, but not
on hand at the moment.
Rick Kingslan MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Exp
hat would actually validate the request.
Right now, it's a bit messy. But, be looking for a couple of things
from MS and third parties (Aelita, Cisco) to pony up, too. I know that
Cisco has ACS, but I'm not quite as up on that as I should be to know if
it would help in this scenario.
H
Point(s) taken. Thanks for the correction, Roger. I wasn't aware that
EDI was still so 'alive and kicking'.
Rick Kingslan MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone
> -Original Message--
eplicas will be converged within a specific
time frame. Mistakes can happen, as apparently you are aware of, but AD
does not have intrinsic mechanisms in place to safeguard against them
all.
I wish
that I could offer more - but by default, the answer is still
bleak.
Rick Kingslan MCSE, MCS
ting AD objects, and that the Security log still has the
relevant entries. But, for the rest of them, Win2k doesn't have a facility
to be able to tell you these things.
Apologies....
Rick Kingslan MCSE, MCSA, MCTMicrosoft MVP - Active
DirectoryAssociate ExpertExpert Zone - www.Mic
your control could also be put into the logon script that normally would
not be run at an escalated privlege.
Robbie, Richard, Gil - either of you have an idea here? I've talked
myself out of the ease and security of this approach. Might you have
another?
Rick Kingslan MCSE, MCSA, MCTMic
cate across
the common communication verbs that is XML, SOAP, etc.
With all due respect, Justin - (there may be one here, I don't know) you
need to find an expert on BizTalk and the medical industry. This one's
a REAL toughy! I'd run away very fast if at all possible.
Rick Kingslan
the Ent. Admin password. :)
Rick Kingslan MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:ActiveDir-owner@;mail.activedir.org] On Behalf Of
or
secure operations in this type of environment. All three put out
substantial and important documents detailing the lockdown procedures for
Windows systems and secure communications from trusted to untrusted
zones.
Rick Kingslan MCSE, MCSA, MCTMicrosoft MVP - Active
DirectoryAssociate Ex
f the registry.
Let me
know if you need any help or guidance in determining application or turning on
the logging.
Rick Kingslan MCSE, MCSA, MCTMicrosoft MVP - Active
DirectoryAssociate ExpertExpert Zone -
www.microsoft.com/windowsxp/expertzone
-Original Message-From:
[
s them appropriately, and they
are sent back to the proxy for the out-going trip for the reverse process to get
to the originator.
Hope
this helps to some degree....
Rick Kingslan MCSE, MCSA, MCTMicrosoft MVP - Active
DirectoryAssociate ExpertExpert Zone -
www.microsoft.com/
/path/application that you are
installing.
Look
here for more information:
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q278472
Rick Kingslan MCSE, MCSA, MCTMicrosoft MVP - Active
DirectoryAssociate ExpertExpert Zone -
www.microsoft.com/windowsxp/expertzone
-Original
known Bill by reputation for a few years, and highly recommend this book.
It's a very good book to get you going. The reskits are a must have for
the troubleshooting, technical nuts and bolts, etc.
Rick Kingslan MCSE, MCSA, MCTMicrosoft MVP - Active
DirectoryAssociate ExpertExpert Zone
ied to install without MCS),
and was not very anxious to spend the cash on a MCS contract to so
something I already knew how to do.
Thanks, Brian! Just made my day.
Rick Kingslan MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/window
Title: Message
Mark,
In
Native mode, NTLM authentication is still supported, but Kerberos is preferred
for those clients that can respond.
HTH!
Rick Kingslan - Microsoft Certified Trainer MCSE+I on
Windows NT 4.0 MCSE on Windows 2000 MVP [Windows NT/2000
Server]"Any suffici
Yes, there is a proper way. They were likely put there using the
'DCPROMO.EXE' utility. DCPROMO also removes DCs from the domain.
This is the proper way.
Rick Kingslan - Microsoft MVP [Windows NT/2000]
Microsoft Certified Trainer
MCSA, MCSE+I - Windows NT / 2000
"A
Congrats on figuring it out, and good work.
Rick Kingslan - Microsoft MVP [Windows NT/2000]
Microsoft Certified Trainer
MCSA, MCSE+I - Windows NT / 2000
"Any sufficiently advanced technology
is indistinguishable from magic."
--- Arthur C. Clarke
> -Original Messag
nderstanding of what is
happening. There are way too many Techs out there already that have no
clue at all what layers 1 - 4 do, or why they are important. Do
yourself (and the rest of us) a favor - learn Networking in layers 1 - 4
COLD. You'll be glad that you did!
>
> Thankyou
Y
nd your user's ISP's would be using it and proxying
for you. Which, considering you've mentioned nothing about it, I
surmise that they aren't.
Rick Kingslan - Microsoft MVP [Windows NT/2000]
Microsoft Certified Trainer
MCSA, MCSE+I - Windows NT / 2000
"Any sufficie
RADIUS or IAS and
2. Your WAN between domains is not the problem (timeout or otherwise)
Good luck!
Rick Kingslan - Microsoft MVP [Windows NT/2000]
Microsoft Certified Trainer
MCSA, MCSE+I - Windows NT / 2000
"Any sufficiently advanced technology
is indistinguishable from magic."
nd it has nothing to do with
RADIUS or IAS. What else do you have in the event logs of the RAS
server that might help?
Rick Kingslan - Microsoft MVP [Windows NT/2000]
Microsoft Certified Trainer
MCSA, MCSE+I - Windows NT / 2000
"Any sufficiently advanced technology
is indistinguishable
at go with the
creation of site objects) that optimize AD in its use OF the currently
optimized network infrastructure.
Anything else is the tail wagging the dog.
Rick Kingslan - Microsoft MVP [Windows NT/2000]
Microsoft Certified Trainer
MCSA, MCSE+I - Windows NT / 2000
"Any sufficientl
Title: Message
Nope -
deployed to 40+ DC's with not one hitch. Moving on to the 250
Members....
Rick Kingslan - Microsoft Certified Trainer MCSE+I on
Windows NT 4.0 MCSE on Windows 2000 MVP [Windows NT/2000
Server]"Any sufficiently advanced technologyis indistinguishable
at go with the
creation of site objects) that optimize AD in its use OF the currently
optimized network infrastructure.
Anything else is the tail wagging the dog.
Rick Kingslan - Microsoft MVP [Windows NT/2000]
Microsoft Certified Trainer
MCSA, MCSE+I - Windows NT / 2000
"Any sufficientl
I'd be interested - Yes, please do post it.
Rick Kingslan - Microsoft MVP [Windows NT/2000]
Microsoft Certified Trainer
MCSA, MCSE+I - Windows NT / 2000
"Any sufficiently advanced technology
is indistinguishable from magic."
--- Arthur C. Clarke
> -Original M
emains, however improbable, must be the truth."
In your case, I think this, too, applies. Strange thing, these
computers. ;)
Rick Kingslan - Microsoft MVP [Windows NT/2000]
Microsoft Certified Trainer
MCSA, MCSE+I - Windows NT / 2000
"Any sufficiently advanced technology
is indistin
Yes - what's the question?
Rick Kingslan - Microsoft MVP [Windows NT/2000]
Microsoft Certified Trainer
MCSA, MCSE+I - Windows NT / 2000
"Any sufficiently advanced technology
is indistinguishable from magic."
--- Arthur C. Clarke
> -Original Message-
> F
;
> -- Original Message --
> From: "Salandra, Justin A." <[EMAIL PROTECTED]>
> Reply-To: [EMAIL PROTECTED]
> Date: Thu, 24 Oct 2002 09:47:56 -0400
>
> So I can use ADMT v2 in a Windows 2000 AD environment to
> migrate
urawski
Sr. Network Administrator - MCSE 2000
WorldTravel BTI
1055 Lenox Park Blvd
Suite 420
Atlanta, GA 30319
Phone: (404) 923-9468
Fax: (404) 949-6710
Cell: (678) 549-1264
=
Rick Kingslan - Microsoft MVP [Windows NT/2000]
Microsoft
it. Looking st the
construction of SIDs and RIDs, this makes sense, though.
Rick Kingslan - Microsoft MVP [Windows NT/2000]
Microsoft Certified Trainer
MCSA, MCSE+I - Windows NT / 2000
"Any sufficiently advanced technology
is indistinguishable from magic."
--- Arthur
. No, really - I'm not bitter
Rick Kingslan - Microsoft MVP [Windows NT/2000]
Microsoft Certified Trainer
MCSA, MCSE+I - Windows NT / 2000
"Any sufficiently advanced technology
is indistinguishable from magic."
--- Arthur C. Clarke
> -Original Message-
>
of.
http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q225087&
is a good source of information on HOW to write these extensions. (Note -
this is primarily aimed at the legacy, but the syntax is the
same.)
Good
luck!!
Rick Kingslan - Microsoft Certified Trainer MCSE+I on
d collection of tools at:
www.joeware.net
Rick Kingslan - Microsoft
Certified Trainer MCSE+I on Windows NT 4.0 MCSE on Windows
2000 MVP [Windows NT/2000 Server]"Any sufficiently advanced
technologyis indistinguishable from magic." --- Arthur C.
Clarke
-Original Me
ute exclusion
Agent credentials no longer required
"Fix membership" is optional
Rick Kingslan - Microsoft MVP [Windows NT/2000]
Microsoft Certified Trainer
MCSA, MCSE+I - Windows NT / 2000
"Any sufficiently advanced technology
is indistinguishable from magic."
hat I posted
on the 16th?
The more likely cause was that I made it so unintelligible that no one
could understand it Sorry about that!
Rick Kingslan - Microsoft MVP [Windows NT/2000]
Microsoft Certified Trainer
MCSA, MCSE+I - Windows NT / 2000
"Any sufficiently ad
s on some DMZ or Internet facing systems -
more to foil the common 'after school' scripters, rather than the more
seasoned who will look for SIDs rather than just by name.
It's a security practice that is really not that uncommon, and you may
have hit the nailon the head, Tony.
Rick K
Ummm... Yeah, you do!
Rick Kingslan - Microsoft MVP [Windows NT/2000]
Microsoft Certified Trainer
MCSA, MCSE+I - Windows NT / 2000
"Any sufficiently advanced technology
is indistinguishable from magic."
--- Arthur C. Clarke
> -Original Message-
> From:
t
yet determined if the fixes were past the 'freeze' point on SP3 or not.
(For reference, see Q323759)
Sadly, it seems that IE and Windows are developed by radical factions
within Microsoft that just don't get along - and worse - don't seem to
work too well together.
I hope that I&
Glad to hear that it's working properly. I could be what is termed in
our environment as a PICNIC issue - Problem In Chair - Not In Computer.
;)
Rick Kingslan - Microsoft MVP [Windows NT/2000]
Microsoft Certified Trainer
MCSA, MCSE+I - Windows NT / 2000
"Any sufficientl
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:ActiveDir-owner@;mail.activedir.org] On Behalf Of David Adner
> Sent: Friday, October 18, 2002 8:08 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [ActiveDir] Account Operators can't move users
>
>
> Well, sorry to raise a fuss, since
Justin,
Check that - NTDS.DIT resides in the %systemroot%\NTDS folder, not
SYSVOL. You can, however, put the .DIT file on the same volume/drive
with the SYSVOL, if you desire. DS doesn't replicate with the SYSVOL.
Rick Kingslan - Microsoft MVP [Windows NT/2000]
Microsoft Certified Tr
erage computer person. ;)
Rick Kingslan - Microsoft MVP [Windows NT/2000]
Microsoft Certified Trainer
MCSA, MCSE+I - Windows NT / 2000
"Any sufficiently advanced technology
is indistinguishable from magic."
--- Arthur C. Clarke
> -Original Message-
> F
one it...)
Are you saying the you would prefer a user to have to login as DN=John
Doe,CN=Users,CN=Sales,CN=North America,CN=Corp,CN=com, then prompted for
a password?
I'm not 100% sure that I understand the gripe.
Rick Kingslan - Microsoft MVP [Windows NT/2000]
Microsoft Certified Tr
By default, printers are published to the directory. You have to REMOVE
a check box during the setup of the printer (or, remove it after the
fact in the printer properties) to prevent/remove the publishing of a
printer to the directory.
Rick Kingslan - Microsoft MVP [Windows NT/2000
Heh... Welcome to the wonderful world of the Corporate Security
'heavy-hander'!
;)
Rick Kingslan - Microsoft MVP [Windows NT/2000]
Microsoft Certified Trainer
MCSA, MCSE+I - Windows NT / 2000
"Any sufficiently advanced technology
is indistinguishable from magic."
-
we have
to lock them down to ONLY what we want them to do.
If anyone wants a copy o it, let me know. I'll shoot it off to you...
Rick Kingslan - Microsoft MVP [Windows NT/2000]
Microsoft Certified Trainer
MCSA, MCSE+I - Windows NT / 2000
"Any sufficiently advanced technology
he top one,
check the 2nd one, and check the bottom 2 - one will be to Associate
External Account).
> * E2K to E2K migration. A lot of ven-duhs have E5.5 to E2K migration
> tools, there is not much E2K to E2K migration tools. Are there any best
> practices / tools around e2K to E2K
Title: Message
Try
unsubscribing - see the links below:
List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
-Original Message-From:
[EMAIL PROTECTED] [ma
aged to migrated the password.
This has worked quite well for us in moving ~15,000 users, computers,
groups, etc. from one forest/domain to another.
If you have any questions, don't hesitate to ask.
Rick Kingslan - Microsoft Certified Trainer
MCSE+I on Windows NT 4.0
MCSE on Windows 2000
MV
Roger,
100% concur on this. We've pared our 'old world' WINS design from 27
WINS to 3 - one at each major data center with Push/Pull between each.
With the addition of the more stable and reliable Win2k WINS, life has
gotten much simpler in regards to WINS name resolution.
901 - 1000 of 1153 matches
Mail list logo